It's really poor form to hijack a thread with a totally unrelated question, but since you asked:
You'll need to use tcprewrite to convert the DLT format of the pcap to RAW so the DLT's match. Honestly, I don't have any experience with sending traffic over an OpenVPN tunnel. -- Aaron Turner http://synfin.net/ Twitter: @synfinatic Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin On Thu, May 1, 2014 at 10:03 PM, <mahdi312...@yahoo.com> wrote: > Hi > > I am trying to send the pcap traffic using tcpreplay to the Openvpn > interface, "tun0", but i received the following warning: > "DLT (EN10MB) does not match that of the outbound interface: tun0 (RAW)" > Would you please help me to address the issue. > As a information, I have a pre-captured pcap file and need to replay this > file inside the encrypted tunnel including openvpn. > Thanks in advance > > Best Regards > Mehdi Barati > > P Consider the environment, please don't print this e-mail unless it is > necessary > On Friday, May 2, 2014 1:03 AM, Aaron Turner <synfina...@gmail.com> wrote: > Well tcpprep has enough modes & options that I'm pretty certain that > it can do what you want if it is possible. However, what you're asking > for isn't possible for any imaginable tool for every possible PCAP. > > For example, if you have three hosts: A, B and C and each host > connects to the other two, what you're asking for is impossible. > -- > Aaron Turner > http://synfin.net/ Twitter: @synfinatic > Those who would give up essential Liberty, to purchase a little temporary > Safety, deserve neither Liberty nor Safety. > -- Benjamin Franklin > > > On Thu, May 1, 2014 at 8:45 AM, Bradley, Jon <jdb...@sandia.gov> wrote: >> Thanks for your quick response. I'll try that. For application we need >> nodes classified as strictly server or client, so this may not be the right >> tool to use. >> >> >> >> >> -----Original Message----- >> From: Aaron Turner [mailto:synfina...@gmail.com] >> Sent: Wednesday, April 30, 2014 3:39 PM >> To: Main forum for tcpreplay >> Subject: [EXTERNAL] Re: [Tcpreplay-users] tcpprep server/client >> assignments unstable in cache file >> >> Basically what that means is that tcpprep has classified BOTH >> 192.168.1.221 and 134.253.181.25 in the same category. Tcpprep actually >> looks at the entire pcap and does some basic analysis to classify IP's as >> "clients" or "servers", but sometimes the traffic contains both client & >> server functionality for the same IP. A common example would be a SMTP >> server which is both accepting mail and relaying mail out. In such a case, >> tcpprep will look at the ratio to decide. >> >> You can also get situations where the traffic for a given IP where there >> isn't an obvious client/server relationship. In those cases, tcpprep looks >> at the IP's nearby to see if it can figure it out. The theory being that >> servers tend to be on their own subnets, so any IP on the same subnet as >> another server is more likely to be a server too. >> >> In these cases, tcpprep's --ratio and --minmask/--maxmask can help tune >> how things are categorized. >> >> -- >> Aaron Turner >> http://synfin.net/ Twitter: @synfinatic >> Those who would give up essential Liberty, to purchase a little temporary >> Safety, deserve neither Liberty nor Safety. >> -- Benjamin Franklin >> >> >> On Wed, Apr 30, 2014 at 1:18 PM, Bradley, Jon <jdb...@sandia.gov> wrote: >>> Hi all, >>> >>> We're attempting to use tcpprep to partition nodes on a network into >>> clients and servers, but are getting some unexpected results. >>> >>> We are not using tcpreplay to replay the traffic, we would only like to >>> leverage the tcpprep's algorithms for distinguishing servers and clients. >>> >>> We are using a command like: >>> >>> tcpprep --auto=bridge --pcap=100meg.pcap --cachefile=100meg.cache >>> tcpprep --print-info=100meg.cache > dirs.txt >>> >>> We then combine it with a dump of the IP addresses like this: >>> >>> tshark -n -o >>> "column.format:srcaddr,\"%s\",srcport,\"%uS\",dstaddr,\"%d\",dstport,\ >>> "%uD\"" -r 100meg.pcap > ips.txt paste -d' == ' ips.txt dirs.txt > >>> both.txt >>> >>> Now I have a file like this: >>> .... >>> 134.253.26.250 80 192.168.1.36 57090 Packet 139991 -> Secondary >>> 192.168.1.36 57090 134.253.26.250 80 Packet 139992 -> Primary >>> 134.253.26.250 80 192.168.1.36 57090 Packet 139993 -> Secondary >>> 134.253.26.250 80 192.168.1.36 57090 Packet 139994 -> Secondary >>> 192.168.1.36 57090 134.253.26.250 80 Packet 139995 -> Primary .... >>> >>> I think this is telling me the whether the first (if primary) or second >>> (if secondary) ip address is the client. >>> >>> However, I run into situations like this: >>> >>> 192.168.1.221 53344 134.253.181.25 53 Packet 14067 -> Secondary [LINE >>> A] >>> 134.253.181.25 53 192.168.1.221 53344 Packet 14068 -> Secondary [LINE >>> B] >>> >>> Where we can see that 192.168.1.221 is classified as a client of >>> 134.253.181.25 in LINE A, But the roles are reversed on LINE B. >>> >>> I was under the impression from the documentation that an IP address >>> would be classified as either a "server" or a "client" for the entire life >>> of the pcap file, but here the roles are reversed *even with respect to >>> eachother*. >>> >>> We have tried using the different modes of --auto, with no luck. >>> >>> Am I mis-using the tool? Is there a better way to get at a clean >>> partitioning of servers/clients? Am I missing something conceptually? >>> >>> ---OUTPUT OF tcpprep -V ----- >>> tcpprep version: 4.0.4 (build git:v4.0.4) Copyright 2013-2014 by Fred >>> Klassen <tcpreplay at appneta dot com> - AppNeta Inc. >>> Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net> The >>> entire Tcpreplay Suite is licensed under the GPLv3 Cache file >>> supported: 04 Not compiled with libdnet. >>> Compiled against libpcap: 1.1.1 >>> 64 bit packet counters: enabled >>> Verbose printing via tcpdump: enabled >>> ------------------------------------------ >>> >>> >>> Thanks for any help /suggestions. >>> >>> ---------------------------------------------------------------------- >>> -------- "Accelerate Dev Cycles with Automated Cross-Browser Testing - >>> For FREE Instantly run your Selenium tests across 300+ browser/OS >>> combos. Get unparalleled scalability from the best Selenium testing >>> platform available. >>> Simple to use. Nothing to install. Get started now for free." >>> http://p.sf.net/sfu/SauceLabs >>> _______________________________________________ >>> Tcpreplay-users mailing list >>> Tcpreplay-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users >>> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support > >> >> >> ------------------------------------------------------------------------------ >> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE >> Instantly run your Selenium tests across 300+ browser/OS combos. Get >> unparalleled scalability from the best Selenium testing platform available. >> Simple to use. Nothing to install. Get started now for free." >> http://p.sf.net/sfu/SauceLabs >> _______________________________________________ >> Tcpreplay-users mailing list >> Tcpreplay-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users >> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support >> >> >> ------------------------------------------------------------------------------ >> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE >> Instantly run your Selenium tests across 300+ browser/OS combos. Get >> unparalleled scalability from the best Selenium testing platform >> available. >> Simple to use. Nothing to install. Get started now for free." >> http://p.sf.net/sfu/SauceLabs >> _______________________________________________ >> Tcpreplay-users mailing list >> Tcpreplay-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users >> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support > > ------------------------------------------------------------------------------ > "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE > Instantly run your Selenium tests across 300+ browser/OS combos. Get > unparalleled scalability from the best Selenium testing platform available. > Simple to use. Nothing to install. Get started now for free." > http://p.sf.net/sfu/SauceLabs > _______________________________________________ > Tcpreplay-users mailing list > Tcpreplay-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support > > > > ------------------------------------------------------------------------------ > "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE > Instantly run your Selenium tests across 300+ browser/OS combos. Get > unparalleled scalability from the best Selenium testing platform available. > Simple to use. Nothing to install. Get started now for free." > http://p.sf.net/sfu/SauceLabs > _______________________________________________ > Tcpreplay-users mailing list > Tcpreplay-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support ------------------------------------------------------------------------------ Is your legacy SCM system holding you back? Join Perforce May 7 to find out: • 3 signs your SCM is hindering your productivity • Requirements for releasing software faster • Expert tips and advice for migrating your SCM now http://p.sf.net/sfu/perforce _______________________________________________ Tcpreplay-users mailing list Tcpreplay-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tcpreplay-users Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
